Hi, I want to block incoming calls using my backend server, like the unwantend sms using message filter extension. I saw that Call Directory Extension can block numbers, but you need update the list, is not in real time. I was reading the Live Caller ID Look up extension documentation, and it seems that with this extension is possible send the number to backend and retrieve a value to know if the call should be block or not. Am I right? Or is not possible this feature with this extension? Thanks!

The example database/server provided by Apple for Live Caller ID contains a hardcoded database with a tiny number of pre-defined numbers. However, its not expected to be representational of an live real world usage server. But the question is how can that be accomplished if its a requirement that the data be KPIR encrypted? In real world scenarios, the factors that effect whether a number should be blocked or not are continually changing and evolving on a minute-by-minute basis and new information becomes available or existing information changes. If the database supports tens of millions or hundreds of millions of constantly changing phone numbers, in order to meet the requirements of the Live Caller ID being KPIR encrypted, that would imply the database has to re-encrypt its database of millions endlessly for all time. That seems unfeasable and impractical to implement. Therefore how do the Apple designers of this feature envisage/suggest a real-world server supporting millions of changing data should meet the requirement to be KPIR encrypted?

I'm trying to implement live caller id PIR server in python and I have an issue related to evaluation key config. I don't receive the POST /key request even if I try to install the extension on new device and I had this error in device system logs: error 11:21:30.663022+0200 ciphermld requestData(byKeywords:shardIds:clientConfig:) threw an error: CipherML.CipherMLError.missingSecre t Ke y I think the reason why the evaluation key is not generated is related to this error but I'm not sure. It might be also related to HE params - I tried with the same params as in swift server example with plaintext_modulus=17 and it works, but for plaintext_modulus=65537 on the same device the system doesn't send me the evaluation key. Is there a limitation that restricts the evaluation key generation for some HE params? There is how the entire config object that I retrieve looks like: { "configs": { "Live-C aller-ID-Lookup. TestLiveCallerI D.iden tity": { "pir_config": { "encry ption_p aram eters": { "pol ynomial_deg ree": "4096", "plaint ext_mo dulus": "65537", "coeff icient_m oduli": [ "134176769", "268369921", "268361729" ], "secu rity_le vel": "SECU RITY LEVEL QUANT UM128", "h e_sc heme": "H E_SC HEM E_B F V" }, "shard_configs": [ { "num_entries": "2", "entry_size": "55991", "dimensions": [ "2", "1" ], "shard_id": "" } ], "keyword_pir_params": { "num_hash_functions": "2", "sharding_function": { "sha256": {} } }, "algorithm": "PIR _ALGO RITHM _MUL_PIR", "batch_size": "2", "evalu ation_ke config_hash": "" }, "config_id": "" } }, "key_info": [ { "timestamp": "1738660849", "key_config": { "encryp tion_par ameters": { "polynomial_degree": "4096", "plaintex t_mo dulus": "65537", "coeffic ient_m oduli": [ "134176769", "268369921", "268361729" ], "secu rity_level": "SECUR ITY_LEVEL_QU ANTUM128", "he_sc heme": "HE_SC HEME_BFV" }, "gal ois_e lements": [ 20 49, 40 97 ], "has _rel in_key": true } } ] } PS evaluation key data is just a placeholder, but anyway it should be skipped cause of expired timestamp More logs: ```language default 11:21:30.535865+0200 ciphermld Running rotation task for ["Live-Caller-ID-Lookup.TestLiveCallerID.identity"] info 11:21:30.535953+0200 ciphermld Skipping groups that manage their own networking: <private> default 11:21:30.537007+0200 ciphermld Request to fetchConfigs has started for useCases '["Li ve-Caller-ID-Lookup.TestLiveCallerID.identity"]', userId: '<private>', existingConfigIds: '["id"]' default 11:21:30.542174+0200 ciphermld Request to queries-batch has started for userId: '<private>', length: 28350 default 11:21:30.655914+0200 ciphermld Request to fetchConfigs has finished, response length: 230 default 11:21:30.656182+0200 ciphermld Received configurations: 1 usecase(s), 1 key(s) for group 'Live-Caller-ID-Lookup.TestLiveCallerID.identity' debug 11:21:30.660868+0200 ciphermld Skipping non-active key: timestamp: 1738660849 key_config { encryption_parameters { polynomial_degree: 4096 plaintext_modulus: 65537 coefficient_moduli: [134176769, 268369921, 268361729] security_level: Quantum128 he_scheme: BFV } galois_elements: [2049, 4097] has_relin_key: true } error 11:21:30.662982+0200 ciphermld No key for use-case 'Live-Caller-ID-Lookup.TestLiveCallerID.identity' error 11:21:30.663022+0200 ciphermld requestData(byKeywords:shardIds:clientConfig:) threw an error: CipherML.CipherMLError.missingSecre t Ke y default 11:21:30.663824+0200 com.apple.CallKit.CallDirectory <private> XPC request complete, results(0) error:Error Domain=CipherML.CipherMLError Code=32 "missing secre t ke y" UserInfo={NSLocalizedDescription=missing secre t ke y} default 11:21:30.972372+0200 ciphermld Request to queries-batch has finished response, length: 0 default 11:21:30.974711+0200 com.apple.CallKit.CallDirectory <private> XPC request complete, results(1) error:(null) default 11:21:36.161964+0200 com.apple.CallKit.CallDirectory <private> Sending XPC request default 11:21:36.163149+0200 com.apple.CallKit.CallDirectory <private> Sending XPC request default 11:21:36.169931+0200 ciphermld requestData(byKeywords:shardIds:clientConfig:) method was called default 11:21:36.170448+0200 ciphermld requestData(byKeywords:shardIds:clientConfig:) method was called default 11:21:36.174001+0200 ciphermld Cached: 0 / Missing: 1 error 11:21:36.174997+0200 ciphermld No userId or secre t Ke y for use-case '.Lve-Caller-ID-Lookup.TestLiveCallerID.identity'. Running rotation task' default 11:21:36.175075+0200 ciphermld Running rotation task for ["Live-Caller-ID-Lookup.TestLiveCallerID.identity"] info 11:21:36.175240+0200 ciphermld Skipping groups that manage their own networking: <private> default 11:21:36.177700+0200 ciphermld Request to fetchConfigs has started for useCases '["Live-Caller-ID-Lookup.TestLiveCallerID.identity"]', userId: '<private>', existingConfigIds: '["id"]' default 11:21:36.179914+0200 ciphermld Request to queries-batch has started for userId: '<private>', length: 28350 default 11:21:36.336051+0200 ciphermld Request to fetchConfigs has finished, response length: 230 default 11:21:36.336308+0200 ciphermld Received configurations: 1 usecase(s), 1 key(s) for group 'Live-Caller-ID-Lookup.TestLiveCallerID.identity' debug 11:21:36.341522+0200 ciphermld Skipping non-active key: timestamp: 1738660849 key_config { encryption_parameters { polynomial_degree: 4096 plaintext_modulus: 65537 coefficient_moduli: [134176769, 268369921, 268361729] security_level: Quantum128 he_scheme: BFV } galois_elements: [2049, 4097] has_relin_key: true } error 11:21:36.356497+0200 ciphermld No key for use-case 'Live-Caller-ID-Lookup.TestLiveCallerID.identity' error 11:21:36.356669+0200 ciphermld requestData(byKeywords:shardIds:clientConfig:) threw an error: CipherML.CipherMLError.missingSecre t Ke y default 11:21:36.357075+0200 com.apple.CallKit.CallDirectory <private> XPC request complete, results(0) error:Error Domain=CipherML.CipherMLError Code=32 "missing secre t ke y" UserInfo={NSLocalizedDescription=missing secre t ke y} default 11:21:36.625701+0200 ciphermld Request to queries-batch has finished response, length: 0 default 11:21:36.626749+0200 com.apple.CallKit.CallDirectory

Hi everyone, i'm a newbie swift programmer and i've received a very challenging task. I'm trying to develop ad app that close and incoming call if the calling number is not in the user's contact list. Is it possibile? Do I have to use a particular extension? thanks for all the support!.

Hello! What is the TTL for evaluation key(s) used in Live Caller ID feature on iOS client side? We would like to align our server-side key storage TTL with the iOS client implementation to optimize memory usage. Would really appreciate your help on this.

Hi Apple Developer, I’m working on a message-filtering application and reviewing Apple's documentation on message filtering. The documentation clearly states that MMS messages can be filtered. (https://developer.apple.com/documentation/identitylookup/sms-and-mms-message-filtering) When we refer to MMS, it includes images, short videos, and other supported multimedia formats. However, the ILMessageFilterQueryRequest only provides the message body as a String, meaning we can access text and links but not images or other media files. Could you please confirm whether Apple allows third-party applications to access multimedia content sent from unknown numbers? Looking forward to your quick response. Thanks, Rijul Singhal

Hi Apple Developer, I’m working on a message-filtering application and reviewing Apple's documentation on message filtering. The documentation clearly states that MMS messages can be filtered. (https://developer.apple.com/documentation/identitylookup/sms-and-mms-message-filtering) When we refer to MMS, it includes images, short videos, and other supported multimedia formats. However, the ILMessageFilterQueryRequest only provides the message body as a String, meaning we can access text and links but not images or other media files. Could you please confirm whether Apple allows third-party applications to access multimedia content sent from unknown numbers? Looking forward to your quick response. Thanks, Rijul Singhal

Hi, I'm trying to setup PIR service for live caller id lookup (in python but based on swift example: https://github.com/apple/live-caller-id-lookup-example). The swift example provides utilities for database setup and encryption, but I can't find any specification about which key is used for database encryption and how the ios system knows about this key in order to be able to construct the PIR requests. So my question is how does the PIR service communicate the secret key to ios system or vice versa? (specific to the test environment, before onboarding)

Hi Apple Developers, I am currently working on a message filtering application and facing issues specifically with filtering RCS (Rich Communication Services) messages. To debug this, I created a sample app that consistently categorizes all incoming messages as "junk." However, the filtering behaviour is inconsistent and not functioning as expected. Here are the key issues observed during testing on iOS versions 18.2.1 and 18.3: Inconsistent Filtering Behavior: When a message is received from an unknown number, it sometimes gets moved to the Junk folder momentarily but is then immediately moved back to the main Messages inbox. In some cases, the message does not get moved to the Junk folder at all, despite the app returning the verdict as "junk." Duplicate Contact Tiles: The Messages app displays two separate conversation tiles for the same mobile number, which is unexpected behavior. For reference, my carrier partner is T-Mobile. Please let me know if you need any additional information to investigate this issue further. Looking forward to your insights and guidance. Best regards, Rijul Singhal

Hi Apple Developers, I am currently working on a message filtering application and facing issues specifically with filtering RCS (Rich Communication Services) messages. To debug this, I created a sample app that consistently categorizes all incoming messages as "junk." However, the filtering behaviour is inconsistent and not functioning as expected. Here are the key issues observed during testing on iOS versions 18.2.1 and 18.3: Inconsistent Filtering Behavior: When a message is received from an unknown number, it sometimes gets moved to the Junk folder momentarily but is then immediately moved back to the main Messages inbox. In some cases, the message does not get moved to the Junk folder at all, despite the app returning the verdict as "junk." Duplicate Contact Tiles: The Messages app displays two separate conversation tiles for the same mobile number, which is unexpected behavior. I have attached both a sample app and a screen recording that clearly demonstrates the issue. The recording shows that the app categorizes messages as junk, yet they still end up in the main Messages inbox. For reference, my carrier partner is T-Mobile. Please let me know if you need any additional information to investigate this issue further. Looking forward to your insights and guidance. Best regards, Rijul Singhal

I am using the Call Range Blocker App (App URL: https://apps.apple.com/in/app/call-ranger-spam-call-blocker/id1154832936) to block unwanted calls, so my phone doesn’t ring. However, despite being blocked, these calls still appear as unanswered calls in the call history, which is very frustrating. When users block a number, they expect to block all communication from that number, including call logs. When I contacted the app developer, I was informed that after iOS 18, blocked calls are still showing up as unanswered calls in the call history. I kindly request that Apple’s iOS development team look into this issue and address it in the next update. It is quite annoying to see blocked calls appear in the recent call history, and users would prefer not to have them show up at all. Thank you John

Hi, I'm implementing a Message Filter Extension and need clarification about the ILMessageFilterExtensionNetworkURL Info.plist key. Is it valid to include query parameters in the URL like: https://example.com/test?id=123 I want to make sure this approach will pass App Review before implementing it. The query parameter would be used to identify the client making the filtering request. Has anyone successfully used URLs with query parameters in their approved Message Filter Extensions? Any insights would be appreciated. Thanks!

If I run an app with a Message Filter Extension on iOS 18 then it works as expected, however if its installed onto a phone with iOS 17.6.1 then there is the following error: dyld[1042]: Symbol not found: _$sSo40ILMessageFilterCapabilitiesQueryResponseC14IdentityLookupE21promotionalSubActionsSaySo0abI6ActionVGvs Referenced from: <C82A1045-98F4-3751-8080-413FD0B0DEEB> /private/var/containers/Bundle/Application/F295C156-9B20-4927-AEFA-C6983388B193/Myapp.app/PlugIns/MyMessageFilterExtension.appex/CequintTextFilterExtension.debug.dylib Expected in: <29BFFA34-9B52-3D14-A254-A0653545B72E> /System/Library/Frameworks/IdentityLookup.framework/IdentityLookup (App built using XCode 16.2). Here's code causing the issue: import IdentityLookup final class MessageFilterExtension: ILMessageFilterExtension {} extension MessageFilterExtension: ILMessageFilterQueryHandling, ILMessageFilterCapabilitiesQueryHandling { func handle(_ capabilitiesQueryRequest: ILMessageFilterCapabilitiesQueryRequest, context: ILMessageFilterExtensionContext, completion: @escaping (ILMessageFilterCapabilitiesQueryResponse) -> Void) { let response = ILMessageFilterCapabilitiesQueryResponse() response.transactionalSubActions = [.transactionalCarrier, .transactionalHealth, .transactionalPublicServices, .transactionalFinance, .transactionalWeather, .transactionalRewards, .transactionalOrders, .transactionalOthers, .transactionalReminders] response.promotionalSubActions = [.promotionalOffers, .promotionalOthers, .promotionalCoupons] completion(response) } Message filter sub actions were introduced in iOS 16, so why is this error occurring when the code is run on iOS 17, but its fine with iOS 18? This isn't specific to my app, its easily reproducable in two minutes - create an app, add a message filter extension target, change the template code to add a transactional or promotional sub action and then run and it'll occur. (Reported as issue FB16148083)

During development, before things eventually go live, if the associated server for a message filter extension has a self signed SSL then if/how can test iPhones be configured such that the OS will connect to the server when they are performing a message filter query request?

I have a question regarding specifying URLs for a Message Filter App Extension. https://developer.apple.com/documentation/identitylookup/creating-a-message-filter-app-extension The documentation states “If you have servers that can help your app extension determine how to handle a message, you must add the Associated Domains capability to your Xcode project and specify those domains.” The term servers and domains is specified in the plural, and adding two occurrences of ILMessageFilterExtensionNetworkURL to the info.plist doesn’t cause a build error. So the first question is: 1.What is the behaviour of the OS when two instances of ILMessageFilterExtensionNetworkURL but specifying different urls is defined? Does the OS, for example always try one url first, and if that doesn’t respond after N seconds, it attempts the second one? Can the Message Filter Extension indicate which of multiple defined ILMessageFilterExtensionNetworkURL should be used at run time? 3.How does the OS behave if a URL specified for ILMessageFilterExtensionNetworkURL resolves to two VIPs? Will the OS retry if the first VIP is not accessible (similar to any typical browser or web application behavior). Thank you

I'm getting ILMessageFilterError.networkURLUnauthorized returned in a message filter extension when calling deferQueryRequestToServer(). Googling for people who have had the same error, they didn't include the associated domain in the containing app. However I have added that. The server is set up at https://something.com:443, it has an apple association file located at https://something.com:443/.well-known/apple-app-site-association I have added associated domains to the app and the app extension of: messagefilter:something.com?mode=developer webcredentials:something.com?mode=developer Side question 1: are both needed or just the messagefilter? Side question 2: should the domain include the port :443? The server isn't publicly hosted hence I've appended ?mode=developer on the end as per the documentation. The extension's info.plist has ILMessageFilterExtensionNetworkURL added as something.com Question 3: Does this need the port adding too? With everything set up according to the documentation, apart from the questions above, what might be the cause of getting networkURLUnauthorized returned?

The documentation (https://developer.apple.com/documentation/BundleResources/Entitlements/com.apple.developer.associated-domains) for a message filter extension says: If you use a private web server, which is unreachable from the public internet, while developing your app, enable the alternate mode feature to bypass the CDN and connect directly to your server. <service>:<fully qualified domain>?mode=<alternate mode> Where alternate mode is one of the following: developer Specifies that only devices in developer mode can access the domain. In this mode, you can use any valid SSL certificate on your web server, including a certificate that the system doesn’t trust. What does it mean "you can use any valid SSL certificate on your web server"? Does the app have to do anything with regards to this?

The documentation for adding a Message Filter Extension states that the Associated Domains capability should be added to the Xcode project. But what does that mean, should it be added to the app extension, to the app, or to both the app extension and the app? The documentation doesn't say which exactly.

In the mobile application we are developing we need to use the "SMS and MMS Message Filtering" functionality to analyze SMS messages received from unknown senders. The questions that arise about the use of this functionality are: Does this functionality allow these messages to be sent to solutions deployed in Microsoft Azure?. If the previous case is confirmed, could we use Rest APIs that we already have deployed in Azure?. If it were not possible to configure access to an existing Rest API, what would be the definition of the API to be implemented in the cloud for this service?. And finally, how would the configuration of access permissions to this API deployed in the cloud be?.

In the documentation for a Message Filter Extension it states: If you have servers that can help your app extension determine how to handle a message, you must add the Associated Domains capability to your Xcode project and specify those domains. (https://developer.apple.com/documentation/sms_and_call_reporting/sms_and_mms_message_filtering/creating_a_message_filter_app_extension) The words servers and domains are in the plural. If it's possible to specify multiple servers/domains for a Message Filter Extension then how is that done? There's no documentation nor reference for that. If multiple domains can be added to the info.plist then what is the iOS behavior in that case? Can the extension supply/change which domain is used at run time?